System and method for a kiosk in the mobile OS

ABSTRACT

A system and method include a kiosk processor, a device kiosk on a customer mobile device, which displays via a user interface, content and options for the customer from a third party customer service system, a customer interaction channel that receives, via an associated customer interaction network, a request to access the third party customer service system, via the device kiosk on a customer mobile device, an authentication module associated with the kiosk processor that receives customer data and customer input associated with an authentication request via a network to authenticate the customer, identifies a customer mobile device based on device identifiers, and evaluates risk factors associated with the customer mobile device, and a communication interface associated with the kiosk processor, that transmits, via a push notification gateway, a push notification to the device kiosk on the customer mobile device that establishes, via the network, a secure connection between the customer mobile device and the third party customer service system.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application contains subject matter related to and claims thebenefit of U.S. Provisional Patent Application No. 62/257,787, filed onNov. 20, 2015, the entire contents of which is incorporated herein byreference.

FIELD OF THE DISCLOSURE

The present disclosure relates to systems and methods for deliveringcustomer service via a kiosk application. The systems and methods fordelivering customer service use a customer mobile device as an openplatform to deliver customer service via the kiosk application.

BACKGROUND OF THE DISCLOSURE

Current systems and methods for delivering customer service utilizeInteractive Voice Response (IVR) systems and Automatic Call Distribution(ACD) systems to input and process a customer's response to a requestwhen calling to a third party customer service. The IVR and ACD systemsmay provide caller ID authentication, and may route customers to thecorrect call center group to handle their issue. The current processesof identifying and authenticating a customer in a call center mayinclude requesting sensitive data from the customer, such as an accountnumber, a transaction card number, a social security number, a mother'smaiden name, a password, and/or other personal data. A customer may berequired to wait in a queue to speak with a customer service agentduring periods of high call volumes. The customer service systems mayalso present all possible options to route a customer to a correct callcenter group before a customer is routed to the desired group.

Current systems for delivering customer service therefore are not onlyburdensome for customers but also time-consuming and costly forcompanies providing customer service to these customers.

These and other drawbacks exist.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments of the present disclosure, together with furtherobjects and advantages, may best be understood by reference to thefollowing description taken in conjunction with the accompanyingdrawings, in the several Figures of which like reference numeralsidentify like elements, and in which:

FIG. 1 depicts a schematic diagram of a system for using a customermobile device as an open platform to deliver third party customerservice via a device kiosk, according to an example embodiment of thedisclosure.

FIG. 2 depicts a schematic diagram of an example customer service centerfor use in a system for delivering customer service via a device kiosk,according to an example embodiment of the disclosure;

FIG. 3 depicts a flowchart illustrating an example method for deliveringcustomer service via a device kiosk on a customer's mobile device,according to an example embodiment of the disclosure;

FIG. 4 illustrates a flowchart illustrating an example method fordelivering customer service via a device kiosk on a customer's mobiledevice for a customer launching the kiosk application directly from acustomer mobile device; and

FIG. 5 depicts a flowchart illustrating an example method for pushauthentication, according to an example embodiment of the disclosure

DETAILED DESCRIPTION OF THE EMBODIMENTS

The following description is intended to convey a thorough understandingof the embodiments described by providing a number of specific exemplaryembodiments and details involving systems and methods for using acustomer mobile device as an open platform to deliver third partycustomer service via a device kiosk. It should be appreciated, however,that the present disclosure is not limited to these specific embodimentsand details, which are exemplary only. It is further understood that onepossessing ordinary skill in the art, in light of known systems andmethods, would appreciate the use of the invention for its intendedpurposes and benefits in any number of alternative embodiments,depending on specific design and other needs. A customer service centerand system supporting a customer service center are used as examples forthe disclosure. The disclosure is not intended to be limited to customerservice centers only.

As described herein, a device kiosk may be an application or extensionof an existing application that is preloaded on a mobile operatingsystem. The device kiosk may have differentiated access to the mobileoperating system via private APIs, and may be connected through a dataconnection to a server managed by the mobile network operator (MNO) ororiginal equipment manager (OEM). Third party systems that wish toleverage the kiosk experience for their customers may integrate with aset of APIs made accessible to them that interacts with the server. Thethird party systems may make calls to the APIs using a token provided bythe MNO/OEM. The set of APIs may provide a secure communication betweena customer mobile device and a third party system.

The examples disclosed herein are directed to systems and methods forusing a customer mobile device as an open platform to deliver thirdparty customer service via a device kiosk. Though the example providedherein relates to delivering customer service via a device kiosk, one ofskill in the art would appreciate that the digital authenticationchannel techniques described herein could be utilized in variouscustomer interaction channels such as the various channels identifiedbelow.

FIG. 1 illustrates an example system for using a customer mobile deviceas an open platform to deliver third party customer service via a kioskapplication. According to the various embodiments of the presentdisclosure, a system 100 for delivering third party customer service viaa kiosk application may include a third party system 150, a kiosk system130, and a customer device 140 connected over network 110. System 100may utilize an open architecture that does not rely on an integration ofthe operating system of the customer mobile device and the third partysystem.

A third party system 150 may receive customer data from a customerinteraction network associated with an incoming call or websitegenerated request. A customer device 140 may receive an option to accessthe third party system 150, via a device kiosk 144 on the customer'sdevice 140. A customer may transmit a response, and the third partysystem 150 may trigger a silent push notification, via a pushnotification gateway, to a kiosk processor. A response may includespeech and/or input via a keypad or touchscreen. The push notificationmay include an embedded deep link in the payload to the third partyservice system 150.

The kiosk processor may determine authentication data based on thecustomer data and/or input, customer device data and risk factorsassociated with the customer device, and may utilize this authenticationdata to authenticate the customer, identify the customer device 140 andevaluate risk factors associated with the customer device 140. The kioskprocessor may transmit, via a communication interface associated withthe kiosk processor, the push notification to the customer device 140.When the push notification is received by the customer device 140, thedevice kiosk 144 on the customer device 140 may be opened, and a secureconnection between the customer device 140 and the third party system150 may be established, via the network 110.

The device kiosk 144 may use the transmitted deep link to make a call tothe kiosk processor for data to present to the customer. The devicekiosk 144 may display customer service system content and options fromthe third party system 150, via a user interface on the customer device140. The customer may respond to the displayed customer service systemcontent and options by entering data or making a selection. A responsemay include speech and/or input via a keypad or touchscreen. The devicekiosk 144 may transmit the customer's responsive data to the kioskprocessor, which may transmit the customer's response to the third partysystem 150. The third party system 150 may evaluate the customer'sresponse to the displayed content and options, and may transmitresponsive content and options based on the customer's response to thekiosk processor. The device kiosk 144 may display, via a user interface,the responsive third party system content and options.

The device kiosk 144 may access settings and features on the customerdevice 140 (e.g., text formatting (text size, font, format, bullets,numbered lists), contrast, language, screen reader for the blind or lowimage, and imagery to assist the illiterate, clarify branding, conveycomplicated topics or ease recognition of options) to display a userinterface. The device kiosk 144 may display breadcrumb trails to providethe user with a navigation tool to see and to navigate the user'slocation within the flow of the third party system processing, via theuser interface, and may provide the ability to deep link to the thirdparty system's application or website for more information or onlineservicing options. The device kiosk 144 may access content stored on thecustomer device 140 (e.g., photos, camera, device identificationinformation, security settings, information in the customer device'sdata storage 146).

The network 110 may be one or more of a wireless network, a wirednetwork, or any combination of a wireless network and a wired network.For example, network 110 may include one or more of a fiber opticsnetwork, a passive optical network, a cable network, an Internetnetwork, a satellite network, a wireless LAN, a Global System for MobileCommunication (GSM), a Personal Communication Service (PCS), a PersonalArea Networks, (PAN), D-AMPS, Wi-Fi, Fixed Wireless Data, IEEE 802.11b,802.15.1, 802.11n, and 802.11g or any other wired or wireless networkfor transmitting and receiving a data signal.

In addition, network 110 may include, without limitation, telephonelines, fiber optics, IEEE Ethernet 902.3, a wide area network (WAN), alocal area network (LAN) or a global network such as the Internet. Also,network 110 may support an Internet network, a wireless communicationnetwork, a cellular network, or the like, or any combination thereof.Network 110 may include one network, or any number of example types ofnetworks mentioned above, operating as a stand-alone network or incooperation with each other. Network 110 may utilize one or moreprotocols of one or more network elements to which they arecommunicatively couples. Network 110 may translate to or from otherprotocols to one or more protocols of network devices. Although network110 is depicted as a single network, it should be appreciated thataccording to one or more embodiments, network 110 may comprise aplurality of interconnected networks, such as, for example, theInternet, a service provider's network, a cable television network,corporate networks, and home networks.

A kiosk system 130 may access network 110 through one or more kioskprocessors that may be communicatively coupled to the network 110. Oneor more customers may access the network 110 through one or morecustomer devices 140 that also may be communicatively coupled to thenetwork 110. A third party may access network 110 through one or morethird party systems 150 that also may be communicatively coupled tonetwork 110.

An example kiosk system 130, customer device 140 and/or third partysystem 150, may include one or more network-enabled computers to processinstructions for delivering customer service via a kiosk application300, 400. As referred to herein, a network-enabled computer may include,but is not limited to: e.g., any computer device, or communicationsdevice including, e.g., a server, a network appliance, a personalcomputer (PC), a workstation, a mobile device, a phone, a handheld PC, apersonal digital assistant (PDA), a thin client, a fat client, anInternet browser, or other device. The one or more network-enabledcomputers of the example system 100 may execute one or more softwareapplications for delivering third party customer service via a devicekiosk.

An example kiosk system 130, customer device 140 and/or third partysystem 150 may include, for example, a processor, which may be severalprocessors, a single processor, or a single device having multipleprocessors. A kiosk system 130, customer device 140 and/or third partysystem 150 may access and be communicatively coupled to the network 110.A kiosk system 130, customer device 140 and/or third party system 150may store information in various electronic storage media, such as, forexample, a database and/or other data storage (e.g., data storage 136,146, 154). Electronic information may be stored in a kiosk system 130,customer device 140 and/or third party system 150 in a format such as,for example, a flat file, an indexed file, a hierarchical database, apost-relational database, a relational database, such as a databasecreated and maintained with software from, for example Oracle®Corporation, Microsoft® Excel file, Microsoft® Access file, or any otherstorage mechanism.

An example kiosk system 130, customer device 140 and/or third partysystem 150 may send and receive data using one or more protocols. Forexample, data may be transmitted and received using Wireless ApplicationProtocol (WAP), Multimedia Messaging Service (MMS), Enhanced MessagingService (EMS), Short Message Service (SMS), Global System for MobileCommunications (GSM) based systems, Time Division Multiplexing (TDM)based systems, Code Division Multiples Access (CDMA) based systemssuitable for transmitting and receiving data. Data may be transmittedand received wirelessly or may utilize cabled network connections ortelecom connections, fiber connections, traditional phone wirelineconnection, a cable connection, or other wired network connection.

Each kiosk system 130, customer device 140 and/or third party system 150of FIG. 1 also may be equipped with physical media, such as, but notlimited to, a compact disc (CD), a digital versatile disc (DVD), afloppy disk, a hard drive, read only memory (ROM), random access memory(RAM), as well as other physical media capable of storing software, orcombinations thereof. Kiosk system 130, customer device 140 and/or thirdparty system 150 may be able to perform the functions associated withmethods for delivering customer service via a device kiosk on acustomer's mobile device 300, 400. Kiosk system 130, customer device 140and/or third party system 150 may, for example, maintain the softwarefor methods for digital authentication, obviating the need for aseparate device on the network 110 to run the methods maintained in akiosk system 130, customer device 140 and/or third party system 150.

Furthermore, the information stored in a database may be available overthe network 110, with the network containing data storage. A databasemaintained in kiosk system 130, customer device 140 and/or third partysystem 150 or the network 110, may store, or may connect to externaldata warehouses that store, for example, customer account data, customerprivacy data, and/or customer authentication data.

A kiosk system 130 may include authentication component 132 and/or datastorage 136. A kiosk system 130 may include data and/or components,systems, and interfaces, including components application programminginterfaces to enable the generation, transmission, and processing ofdigital authentication data. As used herein, the term “component” may beunderstood to refer to computer executable software, firmware, hardware,or various combinations thereof. It is noted that the components areexemplary. The components may be combined, integrated, separated, orduplicated to support various applications. Also, a function describedherein as being performed at a particular component, system, orinterface may be performed at one or more other components, systems, andinterfaces and by one or more other devices instead of or in addition tothe function performed at the particular component. Further, thecomponents, systems, and interfaces may be implemented across multipledevices or other components local or remote to one another.Additionally, the components may be moved from one device and added toanother device, or may be included in both devices.

Customer data may include for example, account number, customer name,date of birth, address, phone number(s), email address, payment data(e.g., financial account number used to make payments, financialinstitution address, phone number, website, and the like), transactionhistory, customer preferences, and the like. Customer preferences mayinclude, for example, preferred method of contact, preferred method oftransmitting authentication code, preferred travel destinations,airlines, hotel chains, car rental company, and the like, preferred timeof day for a call or maintenance visit, preferred call centerrepresentative, preferred nickname, and other customer preferences.Customer privacy data may include, for example, customer social securitynumber digits, mother's maiden name, account number, financial accountdata, a password, a PIN, customer privacy preferences, such as a methodof transmission of a one-time authentication code (e.g., SMS, email,voicemail, and the like), biometric data, customer patterns and/or anyother privacy data associated with the customer. Customer authenticationdata may include, for example, customer-specific authentication history(e.g., date and time of customer authentication, authentication attemptdetails, customer representative associated with authenticationrequests, and the like), customer service statistics (e.g., number ofauthentication-related issues per hour, number of authentication-relatedper representative, number of issues resolved, number of unresolvedissues, and the like), customer authentication preferences (e.g.,preferred method of transmitting an authentication code or notification,preferred method of authentication, and the like), and/or anyauthentication-related identifiers (e.g., customer service address,phone number(s), identification number, and the like).

An account may include, for example, a credit card account, a prepaidcard account, stored value card account, debit card account, check cardaccount, payroll card account, gift card account, prepaid credit cardaccount, charge card account, checking account, rewards account, line ofcredit account, credit account, mobile device account, an accountrelated to goods and/or services, or mobile commerce account. An accountmay or may not have an associated card, such as, for example, a creditcard for a credit account or a debit card for a debit account. Theaccount may enable payment using biometric authentication, orcontactless based forms of authentication, such as QR codes ornear-field communications. The account card may be associated oraffiliated with one or more social networking sites, such as aco-branded credit card.

Kiosk system 130 may access data from third party system 150 andcustomer device 140. Kiosk system 130 may be electronically connected toexternal data storage (e.g., a cloud (not shown)) that may provide datato kiosk system 130. Data stored and/or obtained by kiosk system 130 mayinclude customer account data, customer privacy data, and/or customerauthentication data. Customer authentication data, as described above,may be calculated based on data received from each authenticationattempt and/or authentication-related issue (e.g., locked account,failed authentication attempt, and the like) received kiosk system 130(e.g., whether the issue was resolved, whether the user wasauthenticated, and the like). Customer authentication data may also bereceived from external systems (not shown), such as customerauthentication rating and feedback data related to the customerauthentication.

A kiosk system 130 may include modules, systems, and interfaces to sendand/or receive data for use in other modules, such as communicationinterface 134. A communication interface 134 may include varioushardware and software components, such as, for example, a repeater, amicrowave antenna, a cellular tower, or another network access devicecapable of providing connectivity between network mediums. Thecommunication interface 134 may also contain various software and/orhardware components to enable communication over a network 110. Forexample, communication interface 134 may be capable of sending orreceiving signals via network 110. Moreover, communication interface 134may provide connectivity to one or more wired networks and may becapable of receiving signals on one medium such as a wired network andtransmitting the received signals on a second medium such as a wirelessnetwork.

A kiosk system 130 may include an authentication module 132 to generateand process authentication data associated with a customer. Aauthentication module 132 may generate authentication data based on acustomer device, customer account data, customer privacy data, riskfactors associated with the customer device, and/or customerauthentication data. The risk factors may indicate that a user wasfraudulently authenticated, and may include whether the customer deviceis jailbroken, whether device location services are turned on or off,GPS location, whether the phone has been lost or reported stolen to theMNO, reports of fraud or compromise from other services on the device(e.g., payment services).

Authentication data may include an alphanumeric code, a customerpattern, biometric data, a password, registered information (e.g.,registered known devices), device fingerprinting, device authenticationmechanisms (e.g., device PIN, device pattern login, device fingerprintor other device biometric), and the like. Customer device data includeinformation such as service provider, device make, device model, devicenumber, device IP address, and/or service provider plan data. Customerdevice data may be determined using data stored in customer account dataand/or data received from a third party, such as a customer serviceprovider. Authentication module may identify a customer device 140 usingdevice fingerprinting (where many factors of the device are used touniquely recognize the device), cookies, device ID (secure element ID(SEID), mobile equipment identifier (MEID), international mobileequipment identifier (IEMEI), mobile directory number (MDN), mobileidentifier number (MIN), and SIM card identifier), mobile documentverification. The device specific identifiers may not be accessible tothird party applications, but may be available to a device manufactureror mobile network operator's application or a third party applicationwith access to certain private APIs that would provide this information.

As an example, authentication data may be generated to include analphanumeric code (e.g., a four-digit code, an-eight-digit code, and thelike) and/or a user confirmation request. Authentication data may begenerated in response to received data, such as data input on a userdevice and transmitted to a customer authentication device. Theauthentication data may be generated based on a phone number, accountnumber, personal code (e.g., PIN and/or password), birthdate, and/orother user-input data. By way of example, authentication module 132 mayreceive the user-input data and generate an authentication code, such asa security token, a code generated by using a hash function, and thelike. Authentication data may be generated by authentication module toexpire within a predetermined amount of time, such as one minute, thirtysecond, and the like.

Authentication code data be generated based on geo-location data, suchas a location associated with a customer device (e.g., customer device140 or customer device 202). For example, if a customer is requestingauthentication from a first device and the authentication module 132determines that an authentication code should be transmitted to a secondcustomer device based on data stored in data storage 136 (or from athird party), the authentication module 132 may determine a location ofthe first customer device and a location of the second customer device,for example when geo-location services are activated at the customerdevice(s). When the authentication module 132 determines that the firstcustomer device is not within a predetermined distance (500 feet, onemile, and the like) from the second customer device, the authenticationmodule 132 may determine than an authentication code cannot begenerated.

Authentication data may be generated to be included with a notification,such as an SMS message, an MMS message, an e-mail, a push notification,a voicemail message, and the like. A notification may include dataindicative of how to use the authentication code and/or data indicativeof a customer authentication request. For example, where authenticationdata is transmitted in a push notification, the push notification mayinclude a link to open a website, a mobile application, anauthentication request notification, and/or an SMS message to input theauthentication code and/or response. In the same manner, an SMS message,MMS message, e-mail, and the like may include a link to direct acustomer to input the authentication data and/or authentication responsefor transmission to the kiosk system 130.

Authentication data may be generated without being included in anotification. For example, kiosk system 130 may transmit audio dataindicative of the authentication code and/or instructions to log into anapplication or website to input the authentication code and/or anauthentication response. The type of notification and length of code maybe determined based on the customer account data, customer privacy data,and/or customer authentication system data.

A kiosk system 130 may store information in various electronic storagemedia, such as data storage 136. Electronic information, files, anddocuments may be stored in various ways, including, for example, a flatfile, indexed file, hierarchical database, relational database, such asa database created and maintained with software from, for example,Oracle® Corporation, a Microsoft® SQL system, an Amazon cloud hosteddatabase or any other query-able structured data storage mechanism.

A third party system 150 may be, for example, a customer service centerand/or a company, such as a financial institution (e.g., a bank, acredit card provider, or any other entity that offers financial accountsto customer), a travel company (e.g., an airline, a car rental company,a travel agency, or the like), an insurance company, a utility company(e.g., a water, gas, electric, television, internet, or other utilityprovider), a manufacturing company, and/or any other type of companywhere a customer may be required to authenticate and account oridentity. The third party system 150 may be, for example, part of thebackend computing systems and associated servers of a customer servicecenter and/or company. The third party system 150 may include a paymentsystem, integrated with the kiosk system 130, through which a customermay complete payment, via the device kiosk 144.

A third party system may utilize and directly integrate InteractiveVoice Response (IVR) systems and Automatic Call Distribution (ACD)systems to input and process a customer's response to a request whencalling the third party. IVR systems, ACD systems, voice portals andother telecommunications interaction and management systems areincreasingly used to provide services for customers, employees and otherusers. An IVR system may be able to receive and recognize a callerrequest and/or selection using speech recognition and/or dual-tonemulti-frequency signaling (DTMF). An IVR system may receive initialcaller data without requiring a response from the caller, such as acaller line identifier (CLI) from the network used by the caller toaccess the IVR system. Moreover, an IVR system may be able to determinea prioritization or routing of a call based on the Dialed NumberIdentification Service (DNIS), which determines the number dialed by thecaller. An IVR system may also use a voice response unit (VRU) in orderto execute either a pre-determined script or a script based on callerresponses received using speech recognition or DTMF technologies. Inaddition, an IVR system may be implemented in a variety of settings,such as a voice caller setting, a video caller setting, and/orcoordinated interactions using a telephone and a computer, such asComputer Telephony Integration (CTI) technology.

A third party system 150 may include data storage 154. A third partysystem 150 may include data and/or components to enable the generation,transmission, and processing of customer data. Third party system 150may access data stored within data storage 154 and/or data storedexternal to a third party system 150. For example, a third party system150 may be electronically connected to external data storage (not shown)that may provide data to a customer third party system 150. Data storedand/or obtained by a third party system 150 may include customer accountdata, customer privacy data, customer authentication data, and/orcustomer mobile device data. Customer authentication data, as describedabove, may be calculated based on data received from each authenticationattempt and/or authentication-related issue (e.g., locked account,failed authentication attempt, and the like) received at third partysystem 150 (e.g., whether the issue was resolved, whether the user wasauthenticated, and the like). Customer authentication data may also bereceived from external systems (not shown), such as customerauthentication rating and feedback data related to the customerauthentication.

A third party system 150 may include components to send and/or receivedata for use in other components, such as communication interface 152. Acommunication interface 152 may include various hardware and softwarecomponents, such as, for example, a repeater, a microwave antenna, acellular tower, or another network access device capable of providingconnectivity between network mediums. The communication interface 152may also contain various software and/or hardware components to enablecommunication over a network 110. For example, communication interface152 may be capable of sending or receiving signals via network 110.Moreover, communication interface 152 may provide connectivity to one ormore wired networks and may be capable of receiving signals on onemedium such as a wired network and transmitting the received signals ona second medium such as a wireless network.

A customer device 140 may include for example, a network-enabledcomputer. In various example embodiments, customer device 140 may beassociated with any individual or entity that desires to utilize digitalauthentication data in order to authenticate the customer. As referredto herein, a network-enabled computer may include, but is not limitedto: e.g., any computer device, or communications device including, e.g.,a server, a network appliance, a personal computer (PC), a workstation,a mobile device, a phone, a handheld PC, a personal digital assistant(PDA), a thin client, a fat client, an Internet browser, or otherdevice. The one or more network-enabled computers of the example system100 may execute one or more software applications to enable, forexample, network communications.

Customer device 140 also may be a mobile device: For example, a mobiledevice may include an iPhone, iPod, iPad from Apple® or any other mobiledevice running Apple's iOS operating system, any device running Google'sAndroid® operating system, including for example, Google's wearabledevice, Google Glass, any device running Microsoft's Windows® Mobileoperating system, and/or any other smartphone or like wearable mobiledevice. Customer device 140 also may include a handheld PC, a phone, asmartphone, a PDA, a tablet computer, or other device. Customer device140 may include device-to-device communication abilities, such as, forexample, RFID transmitters and receivers, cameras, scanners, and/or NearField Communication (NFC) capabilities, which may allow forcommunication with other devices by touching them together or bringingthem into close proximity. Exemplary NFC standards include ISO/IEC18092:2004, which defines communication modes for Near FieldCommunication Interface and Protocol (NFCIP-1). For example, customerdevice 130 may be configured using ApplePay™, Android Pay™, and/orSamsung Pay™ or the like. Other exemplary NFC standards include thosecreated by the NFC Forum.

Customer device 140 may include one or more software applications, sucha mobile application, device kiosk 144, associated with kiosk system130. For example, a kiosk software application may be a preloadedapplication on a mobile device, or extensions of an existing applicationthat could be used by third party system 150 to deliver call centerexperiences. Customer device 140 may include a display which may displaysoftware, including software applications, such as a kiosk application,executing on the customer device 140.

Customer device 140 may include components to send and/or receive datafor use in other components, such as communication interface 142. Acommunication interface 142 may include various hardware and softwarecomponents, such as, for example, a repeater, a microwave antenna, acellular tower, or another network access device capable of providingconnectivity between network mediums. The communication interface 142may also contain various software and/or hardware components to enablecommunication over a network 110. For example, communication interface142 may be capable of sending or receiving signals via network 110.Moreover, communication interface 142 may provide connectivity to one ormore wired networks and may be capable of receiving signals on onemedium such as a wired network and transmitting the received signals ona second medium such as a wireless network. One or more customers mayaccess network 110 through one or more customer devices 140 that alsomay be communicatively coupled to network 110.

Customer device 140 may include data storage 146 to store information invarious electronic storage media. Electronic information, files, anddocuments may be stored in various ways, including, for example, a flatfile, indexed file, hierarchical database, relational database, such asa database created and maintained with software from, for example,Oracle® Corporation, a Microsoft® SQL system, an Amazon cloud hosteddatabase or any other query-able structured data storage mechanism.

Referring to FIG. 2, which depicts an example system 200 that may enablea system, such as a third party call center system 150, for example, toprovide network services to its customers. As shown in FIG. 2, system200 may include a customer device 202, a network 204, a front-endcontrolled domain 206, a back-end controlled domain 212, and a backend218. Front-end controlled domain 206 may include one or more loadbalancers 208 and one or more web servers 210. Back-end controlleddomain 212 may include one or more load balancers 214 and one or moreapplication servers 216.

Customer device 202 may be a network-enabled computer, similar tocustomer device 140. As referred to herein, a network-enabled computermay include, but is not limited to: e.g., any computer device, orcommunications device including, e.g., a server, a network appliance, apersonal computer (PC), a workstation, a mobile device, a phone, ahandheld PC, a personal digital assistant (PDA), a thin client, a fatclient, an Internet browser, or other device. The one or morenetwork-enabled computers of the example system 200 may execute one ormore software applications to enable, for example, networkcommunications.

Customer device 202 also may be a mobile device: For example, a mobiledevice may include an iPhone, iPod, iPad from Apple® or any other mobiledevice running Apple's iOS operating system, any device running Google'sAndroid® operating system, including for example, Google's wearabledevice, Google Glass, any device running Microsoft's Windows® Mobileoperating system, and/or any other smartphone or like wearable mobiledevice.

Network 204 may be one or more of a wireless network, a wired network,or any combination of a wireless network and a wired network. Forexample, network 204 may include one or more of a fiber optics network,a passive optical network, a cable network, an Internet network, asatellite network, a wireless LAN, a Global System for MobileCommunication (GSM), a Personal Communication Service (PCS), a PersonalArea Networks, (PAN), D-AMPS, Wi-Fi, Fixed Wireless Data, IEEE 802.11b,802.15.1, 802.11n, and 802.11g or any other wired or wireless networkfor transmitting and receiving a data signal.

In addition, network 204 may include, without limitation, telephonelines, fiber optics, IEEE Ethernet 902.3, a wide area network (WAN), alocal area network (LAN) or a global network such as the Internet. Also,network 204 may support an Internet network, a wireless communicationnetwork, a cellular network, or the like, or any combination thereof.Network 204 may include one network, or any number of example types ofnetworks mentioned above, operating as a stand-alone network or incooperation with each other. Network 204 may utilize one or moreprotocols of one or more network elements to which they arecommunicatively couples. Network 204 may translate to or from otherprotocols to one or more protocols of network devices. Although network204 is depicted as a single network, it should be appreciated thataccording to one or more embodiments, network 204 may comprise aplurality of interconnected networks, such as, for example, theInternet, a service provider's network, a cable television network,corporate networks, and home networks.

Front-end controlled domain 206 may be implemented to provide securityfor backend 218. Load balancer(s) 208 may distribute workloads acrossmultiple computing resources, such as, for example computers, a computercluster, network links, central processing units or disk drives. Invarious embodiments, load balancer(s) 208 may distribute workloadsacross, for example, web server(s) 210 and/or backend 218 systems. Loadbalancing aims to optimize resource use, maximize throughput, minimizeresponse time, and avoid overload of any one of the resources. Usingmultiple components with load balancing instead of a single componentmay increase reliability through redundancy. Load balancing is usuallyprovided by dedicated software or hardware, such as a multilayer switchor a Domain Name System (DNS) server process.

Load balancer(s) 208 may include software that monitoring the port whereexternal clients, such as, for example, customer device 202, connect toaccess various services of a call center, for example. Load balancer(s)208 may forward requests to one of the application servers 216 and/orbackend 218 servers, which may then reply to load balancer 208. This mayallow load balancer(s) 208 to reply to customer device 202 withoutcustomer device 202 ever knowing about the internal separation offunctions. It also may prevent customer devices from contacting backendservers directly, which may have security benefits by hiding thestructure of the internal network and preventing attacks on backend 218or unrelated services running on other ports, for example.

A variety of scheduling algorithms may be used by load balancer(s) 208to determine which backend server to send a request to. Simplealgorithms may include, for example, random choice or round robin. Loadbalancers 208 also may account for additional factors, such as aserver's reported load, recent response times, up/down status(determined by a monitoring poll of some kind), number of activeconnections, geographic location, capabilities, or how much traffic ithas recently been assigned.

Load balancers 208 may be implemented in hardware and/or software. Loadbalancer(s) 208 may implement numerous features, including, withoutlimitation: asymmetric loading; Priority activation: SSL Offload andAcceleration; Distributed Denial of Service (DDoS) attack protection;HTTP compression; TCP offloading; TCP buffering; direct server return;health checking; HTTP caching; content filtering; HTTP security;priority queuing; rate shaping; content-aware switching; clientauthentication; programmatic traffic manipulation; firewall; intrusionprevention systems.

Web server(s) 210 may include hardware (e.g., one or more computers)and/or software (e.g., one or more applications) that deliver webcontent that can be accessed by, for example a client device (e.g.,customer device 202) through a network (e.g., network 204), such as theInternet. In various examples, web servers, may deliver web pages,relating to, for example, online banking applications and the like, toclients (e.g., caller device 202). Web server(s) 210 may use, forexample, a hypertext transfer protocol (HTTP or sHTTP) to communicatewith customer device 202. The web pages delivered to client device mayinclude, for example, HTML documents, which may include images, stylesheets and scripts in addition to text content.

A user agent, such as, for example, a web browser, web crawler, ornative mobile application, may initiate communication by making arequest for a specific resource using HTTP and web server 210 mayrespond with the content of that resource or an error message if unableto do so. The resource may be, for example a file on stored on backend218. Web server(s) 210 also may enable or facilitate receiving contentfrom customer device 202 so customer device 202 may be able to, forexample, submit web forms, including uploading of files.

Web server(s) also may support server-side scripting using, for example,Active Server Pages (ASP), PHP, or other scripting languages.Accordingly, the behavior of web server(s) 210 can be scripted inseparate files, while the actual server software remains unchanged.

Load balancers 214 may be similar to load balancers 208 as describedabove.

Application server(s) 216 may include hardware and/or software that isdedicated to the efficient execution of procedures (e.g., programs,routines, scripts) for supporting its applied applications. Applicationserver(s) 216 may comprise one or more application server frameworks,including, for example, Java application servers (e.g., Java platform,Enterprise Edition (Java EE), the .NET framework from Microsoft®, PHPapplication servers, and the like). The various application serverframeworks may contain a comprehensive service layer model. Also,application server(s) 216 may act as a set of components accessible to,for example, a call center, system supported by a call center, or otherentity implementing system 200, through an API defined by the platformitself. For Web applications, these components may be performed in, forexample, the same running environment as web server(s) 210, andapplication servers 216 may support the construction of dynamic pages.Application server(s) 216 also may implement services, such as, forexample, clustering, fail-over, and load-balancing. In variousembodiments, where application server(s) 216 are Java applicationservers, the web server(s) 216 may behaves like an extended virtualmachine for running applications, transparently handling connections todatabases associated with backend 218 on one side, and, connections tothe Web client (e.g., customer device 202) on the other.

Backend 218 may include hardware and/or software that enables thebackend services of, for example, a customer authentication system orother entity that maintains a distributed system similar to system 200.For example, backend 218 may include a system of customer authenticationrecords, mobile applications, online platforms, and the like. In theexample where a backend 218 is associated with a financial institution,backend 218 may include a system of record, online banking applications,a rewards platform, a payments platform, a lending platform, includingthe various services associated with, for example, auto and home lendingplatforms, a statement processing platform, one or more platforms thatprovide mobile services, one or more platforms that provide onlineservices, a card provisioning platform, a general ledger system, and thelike. Backend 218 may be associated with various databases, includingaccount databases that maintain, for example, customer account data,customer privacy data, and or customer authentication data. Additionaldatabases may maintain customer account information, product databasesthat maintain information about products and services available tocustomers, content databases that store content associated with, forexample, a financial institution, and the like. Backend 218 also may beassociated with one or more servers that enable the various servicesprovided by system 200.

FIG. 3 depicts a flowchart illustrating an example method for deliveringcustomer service via a device kiosk on a customer's mobile device,according to an example embodiment. The method 300 illustrated in FIG. 3is described using a third party customer service system, a kioskprocessor, and a customer interaction channel. One of ordinary skill inthe art will understand that similar techniques for delivering thirdparty customer service systems could be utilized in various othercustomer interaction channels referenced herein.

The method 300 may begin at block 302. At block 304, a third partysystem may receive customer data from a customer interaction networkassociated with an incoming call or website generated request. The thirdparty system may receive the customer data via an IVR system and/or by acustomer service representative. Customer data may include initialcaller data such as a CLI from the network used by the customer toaccess the third party customer service system. Customer data may alsoinclude a DNIS, which may be used to initially route the call orrequest. The CLI and DNIS may be used to look up customer dataassociated with an authentication request from a customer device. Forexample, the customer and third party system may initiate a databaseinquiry using the CLI and DNIS to an account database to determine if acustomer can be identified using the CLI and/or DNIS. In such anexample, if the CLI and/or DNIS is associated with a data fieldassociated with a particular customer, the database could returnidentification information about the customer and the customer data. Athird party customer service system may, in response to receivingcustomer data from the network associated with an incoming call,generate and transmit scripted data using a VRU to a customer device,where the scripted data may request information from the customer viathe customer device. For example, scripted data may include a request toenter a phone number, account number, or other data using a keypadand/or touchscreen associated with customer device. Scripted data mayinclude a request for a customer to select whether the customer wouldlike to proceed with the third party customer service authentication.

A customer mobile device may receive an option to access the customerservice system via a device kiosk on the customer's mobile device, block306. When a customer transmits a response, the third party customerservice system may trigger a silent push notification, via a pushnotification gateway, to a kiosk processor. A response may includespeech and/or input via a keypad or touchscreen. The push notificationmay include an embedded deep link in the payload to the third partycustomer service system. At block 308, the kiosk processor may determineauthentication data based on the customer data and/or input, customerdevice data and risk factors associated with the customer devicereceived at block 304. The kiosk processor may utilize thisauthentication data to authenticate the customer, identify the customermobile device and evaluate risk factors associated with the customermobile device.

The kiosk processor may transmit, via a communication interfaceassociated with the kiosk processor, the push notification to thecustomer mobile device. When the push notification is received by thecustomer mobile device, the device kiosk on the customer mobile devicemay be opened, and a secure connection between the customer mobiledevice and the third party customer service system may be established,via the network (block 310). The customer may be asked by the devicekiosk if the customer wants to connect to the given third party system.The customer may be given option to connect, not connect, or refuse orblock all connections from this third party.

If a push notification is not transmitted to a customer mobile device,the kiosk processor needs to identify what third party is beingrequested when the customer opens the device kiosk on the customermobile device. The kiosk processor may identify what third party isbeing requested by matching an outbound call made by the customer to athird party via a lookup table or database. The kiosk processor may thenmake a call to the third party customer service system requestingcustomer content and options to be displayed, via a user interface, bythe device kiosk.

The device kiosk may use the transmitted deep link to make a call to thekiosk processor for data to present to the customer. The device kioskmay also make a call directly to the third party customer service systemafter the secure connection between the customer mobile device and thethird party customer service system is established. At block 312, thedevice kiosk may display customer service system content and optionsfrom the third party system, via a user interface on the customer mobiledevice.

The kiosk processor may be connected to a content management system(CMS) or content delivery network (CDN) that third parties may use todeliver their content which may include video, imagery, an other typesof downloadable files. Data may be temporarily or permanently stored onthe CMS and CDN. The kiosk processor and component may present contentusing a series of templates. The template may be specified in an APIrequest from the third party system to the kiosk processor, and couldreduce the amount of data sent, thereby increasing the speed of thedevice kiosk and overall interaction. The template may be configurableto maintain the branding of the third party, and may be stored on thekiosk processor, component, or a combination of both.

The customer may respond to the displayed customer service systemcontent and options by entering data or making a selection. A responsemay include speech and/or input via a keypad or touchscreen. The devicekiosk may transmit the customer's responsive data to the kioskprocessor, which may transmit the customer's response to the third partycustomer service system. At block 314, the third party customer servicesystem may evaluate the customer's response to the displayed content andoptions. At block 316, the third party customer service system maytransmit responsive content and options based on the customer's responseto the kiosk processor. At block 318, the device kiosk may display, viaa user interface, the responsive third party system content and options.The method may end at block 320.

FIG. 4 illustrates a flowchart illustrating an example method fordelivering customer service via a device kiosk on a customer's mobiledevice for a customer launching the kiosk application directly from thecustomer mobile device, according to an example embodiment.

The method 400 illustrated in FIG. 4 is described using a third partycustomer service system, a kiosk processor, and a customer interactionchannel. One of ordinary skill in the art will understand that similartechniques for delivering third party customer service systems could beutilized in various other customer interaction channels referencedherein.

The method 400 may begin at block 402. At block 404, a customer maylaunch a kiosk application, via a device kiosk on the customer's mobiledevice. The customer may select a third party from a recently used list,bookmarked list, saved list, list of nearby merchants, directory, searchresults, etc. At block 406, the device kiosk may call the kioskprocessor with a third party identifier of the selected third party.

At block 408, the kiosk processor may determine authentication databased on the customer data and/or input, customer device data and riskfactors associated with the customer device received at block 404. Thekiosk processor may utilize this authentication data to authenticate thecustomer, identify the customer mobile device and evaluate risk factorsassociated with the customer mobile device. At block 410, the kiosksystem may establish a secure connection between the customer mobiledevice and the third party customer service system, via the network.

The device kiosk may use a transmitted deep link to make a call to thekiosk processor for data to present to the customer. At block 412, thedevice kiosk may display customer service system content and optionsfrom the third party system, via a user interface on the customer mobiledevice. The customer may respond to the displayed customer servicesystem content and options by entering data or making a selection. Aresponse may include speech and/or input via a keypad or touchscreen.The device kiosk may transmit the customer's responsive data to thekiosk processor, which may transmit the customer's response to the thirdparty customer service system. At block 414, the third party customerservice system may evaluate the customer's response to the displayedcontent and options. At block 416, the third party customer servicesystem may transmit responsive content and options based on thecustomer's response to the kiosk processor. At block 418, the devicekiosk may display, via a user interface, the responsive third partysystem content and options. The device kiosk may provide the ability tocall and/or online chat with specific third party system agents, and mayprovide the ability for a third party system agent to leave a messagefor the customer. A third party agent may push a link to the devicekiosk, that may be saved for a customer to access. The method may end atblock 420.

FIG. 5 depicts a swim lane diagram illustrating an example method 500for push authentication, according to an example embodiment of thedisclosure. In various embodiments, a customer 501 may desire to performa transaction within a particular channel. A requesting platform 503associated with that channel may request to use push authentication toauthorize the transaction. For example, a customer may call into a callcenter and wish to pay a credit card balance. A requesting platformassociated with the call center channel may interact with a pushnotification gateway 505 to authorize the customer to allow the customerto perform the balance transfer. The push notification gateway 505 mayand interact with a mobile application 507 on a customer device toauthenticate the customer using push notification authentication.

Method 500 may begin when a customer 501 attempts an activity requiringauthentication in block 502. The example where a customer calls into acall center to pay a credit card balance is used to illustrate method500. In various embodiments, other activities requiring authenticationand other customer interaction channels may be used. For example, acustomer may request a balance transfer using a mobile applicationchannel and the like.

In block 504, a requesting platform 503 transmits the activity andcustomer identifier to a push notification gateway 505. To do so, therequesting platform 503 may establish a secure connection with the pushnotification gateway 505 to allow the requesting platform 503 tocommunicate securely with the push notification gateway 505. In variousembodiments, the requesting platform 503 may establish, for example, asecure socket layer (SSL) or similar secure connection with the pushnotification gateway 505. Once the secure connection is established, therequesting platform 503 may transmit, for example, a data packetcontaining data indicative of the activity and the customer identifierto the push notification gateway 505 via the secure connection.

In block 506, the push notification gateway 505 receives the requestfrom the requesting platform 503. For example, the push notificationgateway 505 may receive a data packet containing data indicative of theactivity and the customer identifier via the secure connection at acommunications interface.

In block 512, the mobile application 507 on the customer device mayreceive a push notification from push notification gateway 505, forexample, which may result in an in-application message to the customer501 that a certain activity is being attempted which requiresauthentication via the mobile application. For example, the customer 501may receive a push notification via its mobile device, which whencustomer 501 interacts with the push notification, the mobile deviceinterfaces the push notification with mobile application 507 to beginthe authentication process.

In block 510, the customer 501 interacts with the push notification by,for example, tapping or touching on the push notification to open themobile application 507. In various embodiments, an applicationprogramming interface and/or additional software executing on the mobiledevice may execute instructions to cause the mobile application 507 toopen and begin the authentication process. In block 514, customer 501may complete the authentication using, for example mobile application507.

In block 516, mobile application 507 may transmit authenticationinformation via a secure connection to push notification gateway 505.For example, mobile application 507 may transmit one or more datapackets containing the authentication information over a network via asecure connection. In various embodiments, the secured connectionsdescribed herein may contemplate using various encryption techniques tosecure the transmitted information.

In block 522, the push notification gateway 505 may determine whetherthe authentication information can be verified. To do so, pushnotification gateway 505 may compare the received authenticationinformation to known authentication information to determine whether thereceived information matches the known information. If theauthentication information is verified, the push notification gateway505 may transmit an approval to the requesting platform 503 toauthenticate the requested activity. This approval may be transmittedfrom the push notification gateway 505 to the requesting platform 503via a network using a secure connection.

In block 520, the requesting platform 503 receives the approval andpresents a success message to the customer 501.

In block 518, the customer is authorized to complete therequested/desired activity using, for example, the customer interactionchannel.

The present disclosure is not to be limited in terms of the particularembodiments described in this application, which are intended asillustrations of various aspects. Many modifications and variations canbe made without departing from its spirit and scope, as may be apparent.Functionally equivalent methods and apparatuses within the scope of thedisclosure, in addition to those enumerated herein, may be apparent fromthe foregoing representative descriptions. Such modifications andvariations are intended to fall within the scope of the appendedrepresentative claims. The present disclosure is to be limited only bythe terms of the appended representative claims, along with the fullscope of equivalents to which such representative claims are entitled.It is also to be understood that the terminology used herein is for thepurpose of describing particular embodiments only, and is not intendedto be limiting.

With respect to the use of substantially any plural and/or singularterms herein, those having skill in the art can translate from theplural to the singular and/or from the singular to the plural as isappropriate to the context and/or application. The varioussingular/plural permutations may be expressly set forth herein for sakeof clarity.

It may be understood by those within the art that, in general, termsused herein, and especially in the appended claims (e.g., bodies of theappended claims) are generally intended as “open” terms (e.g., the term“including” should be interpreted as “including but not limited to,” theterm “having” should be interpreted as “having at least,” the term“includes” should be interpreted as “includes but is not limited to,”etc.). It may be further understood by those within the art that if aspecific number of an introduced claim recitation is intended, such anintent may be explicitly recited in the claim, and in the absence ofsuch recitation no such intent is present. For example, as an aid tounderstanding, the following appended claims may contain usage of theintroductory phrases “at least one” and “one or more” to introduce claimrecitations. However, the use of such phrases should not be construed toimply that the introduction of a claim recitation by the indefinitearticles “a” or “an” limits any particular claim containing suchintroduced claim recitation to embodiments containing only one suchrecitation, even when the same claim includes the introductory phrases“one or more” or “at least one” and indefinite articles such as “a” or“an” (e.g., “a” and/or “an” should be interpreted to mean “at least one”or “one or more”); the same holds true for the use of definite articlesused to introduce claim recitations. In addition, even if a specificnumber of an introduced claim recitation is explicitly recited, suchrecitation should be interpreted to mean at least the recited number(e.g., the bare recitation of “two recitations,” without othermodifiers, means at least two recitations, or two or more recitations).Furthermore, in those instances where a convention analogous to “atleast one of A, B, and C, etc.” is used, in general such a constructionis intended in the sense one having skill in the art would understandthe convention (e.g., “a system having at least one of A, B, and C”would include but not be limited to systems that have A alone, B alone,C alone, A and B together, A and C together, B and C together, and/or A,B, and C together, etc.). In those instances where a conventionanalogous to “at least one of A, B, or C, etc.” is used, in general sucha construction is intended in the sense one having skill in the artwould understand the convention (e.g., “a system having at least one ofA, B, or C” would include but not be limited to systems that have Aalone, B alone, C alone, A and B together, A and C together, B and Ctogether, and/or A, B, and C together, etc.). It may be furtherunderstood by those within the art that virtually any disjunctive wordand/or phrase presenting two or more alternative terms, whether in thedescription, claims, or drawings, should be understood to contemplatethe possibilities of including one of the terms, either of the terms, orboth terms. For example, the phrase “A or B” may be understood toinclude the possibilities of “A” or “B” or “A and B.”

The foregoing description, along with its associated embodiments, hasbeen presented for purposes of illustration only. It is not exhaustiveand does not limit the invention to the precise form disclosed. Thoseskilled in the art may appreciate from the foregoing description thatmodifications and variations are possible in light of the aboveteachings or may be acquired from practicing the disclosed embodiments.For example, the steps described need not be performed in the samesequence discussed or with the same degree of separation. Likewisevarious steps may be omitted, repeated, or combined, as necessary, toachieve the same or similar objectives. Accordingly, the invention isnot limited to the above-described embodiments, but instead is definedby the appended claims in light of their full scope of equivalents.

In the preceding specification, various preferred embodiments have beendescribed with references to the accompanying drawings. It may, however,be evident that various modifications and changes may be made thereto,and additional embodiments may be implemented, without departing fromthe broader scope of the invention as set forth in the claims thatfollow. The specification and drawings are accordingly to be regarded asan illustrative rather than restrictive sense.

We claim:
 1. A system, comprising: a customer service authenticationprocessor; a customer interaction channel that receives, via anassociated customer interaction network, a request to access a thirdparty customer service provider system, via a device customer serviceapplication on a customer mobile device; an authentication processorconnected to the customer service application processor that receivescustomer data and customer input associated with an authenticationrequest, sent from the customer mobile device via the network, toauthenticate a customer, identifies a customer mobile device based ondevice identifiers, and evaluates risk factors associated with thecustomer mobile device, wherein the risk factors comprise whether thecustomer mobile device is jailbroken; and a communication interfaceassociated with the customer service authentication processor, thattransmits, via a push notification gateway, a push notification to thedevice customer service application on the customer mobile device thatestablishes, via the network, a secure connection between the customermobile device and the third party customer service provider system,wherein: the device customer service application displays via a userinterface on the customer mobile device, content and options for thecustomer from the third party customer service provider system; thethird party customer service provider system evaluates the customer'sresponse to the displayed content and options, and transmits to thecustomer mobile device responsive content and options based on thecustomer's response; and the device customer service applicationdisplays via a user interface the responsive third party customerservice provider system content and options.
 2. The system of claim 1,wherein the customer service authentication processor is a kioskprocessor.
 3. The system of claim 2, wherein the device customer serviceapplication is a device kiosk.
 4. The system of claim 1, wherein therisk factors further comprise whether device location services areactive on the customer mobile device, whether the customer mobile devicehas been reported lost or reported stolen, or reports of fraud orcompromise from other services on the customer mobile device, or somecombination thereof.
 5. The system of claim 1, wherein the pushnotification includes an embedded deep link that identifies the thirdparty customer service provider system in a payload of the pushnotification.
 6. The system of claim 1, wherein the customer data isderived from caller line identifier data.
 7. The system of claim 1,wherein the customer input is inputted into the customer mobile device.8. A computer-implemented method, comprising: receiving from a customer,via a customer interaction channel associated with a customerinteraction network, a request to access a third party customer serviceprovider system, via a device customer service application on a customermobile device; authenticating the customer, using an authenticationprocessor associated with a customer service authentication processor,based on customer data and customer input associated with anauthentication request received via the network; identifying thecustomer mobile device, using the authentication processor, based ondevice identifiers; evaluating risk factors associated with the customermobile device, using the authentication processor, wherein the riskfactors comprise whether the customer mobile device is jailbroken;transmitting, via a push notification gateway, using a communicationinterface associated with the customer service authentication processor,a push notification to the device customer service application on thecustomer mobile device that establishes, via the network, a secureconnection between the customer mobile device and the third partycustomer service provider system; displaying, via a user interface,content and options for the customer from the third party customerservice provider system, using the device kiosk; evaluating, using thethird party customer service provider system, the customer's response tothe displayed content and options; transmitting, to the customer serviceauthentication processor, responsive content and options based on thecustomer's response; and displaying, via a user interface, theresponsive third party customer service provider system content andoptions.
 9. The method of claim 8, wherein the customer serviceauthentication processor is a kiosk processor.
 10. The method of claim9, wherein the device customer service application is a device kiosk.11. The system of claim 8, wherein the risk factors further comprisewhether device location services are active on the customer mobiledevice, whether the customer mobile device has been reported lost orreported stolen, or reports of fraud or compromise from other serviceson the customer mobile device, or some combination thereof.
 12. Themethod of claim 8, wherein the push notification includes an embeddeddeep link that identifies the third party customer service providersystem in a payload of the push notification.
 13. The method of claim 8,wherein the customer data is derived from caller line identifier data.14. The method of claim 8, wherein the customer input is inputted intothe customer mobile device.